Astria Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-04

Page last updated on April 11, 2024

Astria Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-04 16:02:23 EST.

Filings

10-K filed on 2024-03-04

Astria Therapeutics, Inc. filed an 10-K at 2024-03-04 16:02:23 EST
Accession Number: 0001410578-24-000127

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We have established processes to assess, identify, and manage cybersecurity risks. These processes are integrated into our overall risk management program and are designed to protect our information assets from internal and external cyber threats and include: implementing physical, procedural, and technical safeguards; developing and maintaining comprehensive response plans; conducting regular exercises and tests to identify potential vulnerabilities; engaging with external cybersecurity experts to enhance our oversight and keep pace with evolving threats; and considering the cybersecurity capabilities of partners and third-party service providers, both prior to engaging them and on an ongoing basis. Cybersecurity Governance and Oversight Our board of directors provides direct oversight of cybersecurity risk and has delegated to its audit committee the responsibility of reviewing and discussing with management our risk exposures relating to cybersecurity. The board of directors and the audit committee conduct periodic reviews of our cybersecurity readiness to ensure continuous improvement in our cybersecurity strategies and receive regular updates from management on cybersecurity matters and are promptly informed by management about any significant new threats or incidents. We have implemented robust mechanisms to monitor and manage cybersecurity threats and incidents, including utilization of advanced tools for continuous monitoring of our IT environment to detect and mitigate threats, a fundamental plan for responding to cyber incidents and training for employees to recognize and report potential cybersecurity incidents and to foster a culture of cybersecurity awareness and vigilance. We have a dedicated management team, led by our Vice President of IT, that is responsible for operational oversight of our cybersecurity strategy and policies. Our Vice President of IT has an extensive background in IT management with a focus on securing sensitive biotech data and systems, having held similar roles at two previous biotech companies with 93 Table of Contents responsibilities including corporate infrastructure and cyber security readiness and response, in addition to over 20 years of professional experience in IT. Any identified cybersecurity incident is reported to our cybersecurity management team, which evaluates the severity of the incident. Based on this assessment, further steps are taken involving other members of management and, depending on the severity, the audit committee and the board of directors. We believe this structured approach allows us to effectively manage and mitigate cybersecurity risks, safeguarding our systems and data against various digital threats. Additionally, our proactive stance is supported by comprehensive cybersecurity insurance, which further reinforces our preparedness against potential cyber threats. Cybersecurity Incident Reporting and Management We have not identified any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, we remain vigilant and prepared to respond effectively to any incidents, should they arise.

Company Information